authentication flow confusion

Richard Levenberg richardl at
Fri May 10 18:00:55 EDT 2019

I did read about External but the docs say:

As a rule, using WebFlow is better, easier, and safer, but it does
require writing Java code in most cases. This is usually true for
external mechanisms also, but they can in some cases be implemented with
JSP alone.

So I was trying to figure out the web flow way. The webflow
configuration for password seemed very complex so I thought I could just
write something to sit inside that complexity.


On 5/10/19 2:53 PM, Cantor, Scott wrote:
> On 5/10/19, 5:47 PM, "users on behalf of Richard Levenberg" <users-bounces at on behalf of richardl at> wrote:
>> The .jsp is from another system and its value is it handles, from a
>> UI/UX perspective, the states that could come back.
> If you have an external mechanism that's self contained, then you don't use the Password flow, you use External and use a servlet/JSP model to do all the work outside the IdP.
> -- Scott

More information about the users mailing list